[jboss-jira] [JBoss JIRA] (WFWIP-288) JWT signed by 1024 bit long key is rejected

[Jan Kasik (Jira)]

    [ https://issues.redhat.com/browse/WFWIP-288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13944960#comment-13944960 ] 

Jan Kasik commented on WFWIP-288:
---------------------------------

[~dlofthouse] Thank you, as you said in this case it seems like an issue in the specification. I suggest to lower the priority and clone this to WFLY/WFCORE issue to make a tracking issue on our side. We should also document this inconsistency in specification later in the product so I will create JBEAP documentation issue linking this clone. WDYT?

> JWT signed by 1024 bit long key is rejected
> -------------------------------------------
>
>                 Key: WFWIP-288
>                 URL: https://issues.redhat.com/browse/WFWIP-288
>             Project: WildFly WIP
>          Issue Type: Bug
>          Components: MP JWT
>            Reporter: Jan Kasik
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> According to MP-JWT 1.1 specification, 1024 and 2048 bit key sizes must be supported. Though when there is JWT signed by 1024 bit long key presented to the server, it is rejected and client receives "Unauthorized" (code 401) message.
> See chapter 9.2. Supported Public Key Formats:
> {quote}
> Support for RSA Public Keys of 1024 or 2048 bits in length is required. Other key sizes are allowed, but should be considered vendor-specific.
> {quote}



--
This message was sent by Atlassian Jira
(v7.13.8#713008)